Whitehouse Cyber Bill Entering Crucial Phase

Cybersecurity has been building steam in Congress for some time now. And this was supposed to be the year that a bill would pass.

But Senator John McCain has led a GOP revolt against his friend Senator Joe Lieberman's bill, arguing that it would be too onerous on industry.

Enter Senator Sheldon Whitehouse, who has joined with Republican Senator Jon Kyl in attempting to fashion a compromise. And it hasn't been easy. An initial framework for the measure got poor marks from the US Chamber of Commerce and other industry groups.

As The Hill reports, a revision is expected in the coming days. This could be an important moment:

The framework aims to find a middle ground on a contentious measure in
Sen. Joe Lieberman’s (I-Conn.) cybersecurity bill that would require
companies that operate critical infrastructure to meet a set of security
standards developed in part by the Homeland Security Department. A group of Senate Republicans and the Chamber have argued
that this measure would redirect the private sector’s focus from
improving the security of its networks and systems to complying with new
security rules.

“Everyone is anticipating the emergence of
some type of a bipartisan compromise to break the current stalemate,”
said Jessica Herrera-Flanigan, a partner at lobbying firm Monument
Policy Group. “As such, every potential proposal is being looked at
closely.”

The updated version of the framework does not include
legislative language and is expected to be shared with the Chamber early
next week, according to a Senate staffer.

In the meantime, Kyl
and Whitehouse’s offices have been keeping the proposal closely under
wraps. Spokesmen for Whitehouse and Kyl did not respond to requests for
comment about the framework.

The White House has also made it clear that it wants security standards for critical infrastructure to be a part of any cybersecurity legislation that comes out of Congress.

This
spring the White House issued a veto threat against a House
cybersecurity bill, the Cyber Intelligence Sharing and Protection Act,
that lacked critical infrastructure provisions and focused on improving
information sharing about cyberthreats instead. Keith Alexander, the
head of U.S. Cyber Command, and Homeland Security Secretary Janet
Napolitano have also argued that critical infrastructure operators
should be required to meet some sort of security standards when
testifying on the Hill this year.

The Senate has been gridlocked
on this question of how to better protect critical infrastructure since
Lieberman’s bill was introduced in February. A group of Senate
Republicans led by Sen. John McCain (R-Ariz.) are sponsoring a rival
cybersecurity measure that does not include security mandates for
critical infrastructure operators and focuses on improving information
sharing about cyberthreats between government and industry instead.

Lieberman
has said he expects Senate Majority Leader Harry Reid (D-Nev.) to take
up his bill after the July recess. Reid has not given a timeframe on
when the cybersecurity bill will see floor action but said he wants to
tackle the issue this year.

If Whitehouse and Kyl manage to get a compromise bill through, it will be a significant achievement; you can bet that pols on both sides of the aisle will be talking about "a step in the right direction."

But whatever they produce is bound to face criticism. Anything weaker than the Lieberman bill will be considered inadequate by many in the
cybersecurity field.

And Internet freedom advocates are wary of cybersecurity legislation for their own reasons, concerned that the private sector will be passing too much sensitive user information to the government.